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comprising: 



A method of managing virtual channels in a multicast session, the method 



receiving a request from a requestor to join the multicast session for a time 



period; 



assigning a virtual channel to the requestor based on the time period; 

forwarding a virtual channel key to the requestor; and 

forwarding the virtual channel key to all members of the virtual channel. 



2. A method according to claim 1, wherein each virtual channel is associated with a 
time duration. 

3. A method according to claim 1, wherein no member can be in more than one 
virtual channel. 

4. A method according to claim 1, further comprising: 
distributing a data key to each multicast virtual channel. 

5. The method according to claim 1, wherein all of the virtual channels reside 
within one domain. 

6. The method according to claim 1, further comprising: 

rekeying the virtual channel key when membership of the virtual channel 
changes. 

7. The method according to claim 6, wherein in the act of rekeying at least one 
member is present in the virtual channel after the membership changes. 
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8. The method according to claim 2, associating an unlimited time duration with a 
virtual channel creating a permanent virtual channel. 

9. The method according to claim 2, wherein a member may join a virtual channel 
for less than the virtual channel's full time duration. 

10 

10. The method according to claim 2, further comprising: 

creating a lower and upper bounds for the virtual channel based on the time 
duration of the virtual channel. 



15 11. A method according to claim 2, further comprising: 
sS *, reassigning time duration for a virtual channel if a virtual channel is freed. 

. h 
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Q 12. A method according to claim 2 r further comprising: 

j:& reassigning time duration for all virtual channels if a virtual channel is freed. 

I 20 

^ 13. The method according to claim 11, wherein a virtual channel is freed when an 

! 5p upper member expires. 

'% 14. The method according to claim 11, wherein a virtual channel is freed when all 

25 members expire. 

15. The method according to claim 12, wherein in the act of reassigning further 
comprises the step of reconfiguring the lower and upper bounds of all virtual channels. 



30 16. The method according to claim 11, wherein only the freed virtual channel rekeys 
the virtual channel key to all members of the freed virtual channel. 
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YV An apparatus for managing virtual channels in a multicast session, the apparatus 
comprising: 

a receiver for receiving a request from a requestor to join the multicast 
session for a time period; 

an assignment module for assigning a virtual channel to the requestor 
based on the time periods; 

a requestor forwarding module for forwarding a virtual channel key to 
the requestor; and 

a member forwarding module for forwarding the virtual channel key to 
all members of the virtual channel 

18. The apparatus according to claim 17, further comprising: 

a virtual channel module which creates each virtual channel based on a time 
duration. 

19. The apparatus according to claim 17, wherein the assignment module prevents a 
member from being in more than one virtual channel. 

20. The apparatus according to claim 17, further comprising: 

a data key distributor for distributing a data key to each multicast virtual 
channel. 

21. The apparatus according to claim 17, wherein the apparatus controls the 
multicast virtual channels which reside within one domain. 

22. The apparatus according to claim 17, further comprising: 

a rekeying module for rekeying a virtual channel when membership of the 
virtual channel changes. 
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23. The apparatus according to claim 18, wherein the virtual channel module creates 
a permanent virtual channel with an unlimited duration. 

24. The apparatus according to claim 18, wherein the receiver may receive a request 
to join a virtual channel for less than the virtual channel's full time duration. 

25. The apparatus according to claim 18, wherein the virtual channel module 
creates a lower and upper bounds for the virtual channel based on the time duration of 
the virtual channel. 

26. The apparatus according to claim 18, further comprising: 

a reassignment module for reassigning time duration for a virtual channel if the 
virtual channel is freed. 

27. The apparatus according to claim 18, further comprising: 

a reassignment module for reassigning time duration for all virtual channels if a 
virtual channel is freed. 

28. The apparatus according to claim 27, wherein a virtual channel is freed when an 
upper member expires. 

29. The apparatus according to claim 27, wherein a virtual channel is freed when all 
members expire. 

30. The apparatus according to claim 27, wherein the reassignment module 
reconfigures the lower and upper bounds of all virtual channels. 

31. The apparatus according to claim 22, wherein the rekeying module rekeys the 
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virtual channel key to all members of a freed virtual channel. 

/ 

2T2. A computer program product for use on a computer system for managing virtual 
'channels in a multicast session, the computer program product comprising a computer 
usable medium having computer readable program code thereon, the computer 
readable program code including: 

receiving a request from a requestor to join the multicast session for a time period; 

computer code for assigning a virtual channel to the requestor based on . 
the time periods; 

computer code for forwarding the virtual channel key to the requestor; and 
computer code for forwarding the virtual channel key to all members of the 
virtual channel. 

33. A computer program product according to claim 32, wherein each virtual 
channel is associated with a time duration. 

34. A computer program product according to claim 32, wherein no member can be 
in more than one virtual channel. 

35. A computer program product according to claim 32, further comprising: 
computer code for distributing a data key to each multicast virtual channel. 

36. The computer program product according to claim 32, wherein all of the virtual 
channels reside within one domain. 

37. The computer program product according to claim 32, further comprising: 
computer code for rekeying the virtual channel key when membership of the 

virtual channel changes. 
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38. The computer program product according to claim 33, further comprising: 
computer code for associating an unlimited duration with a virtual channel 

creating a permanent virtual channel. 

39. The computer program product according to claim 33, wherein a member may 
join a virtual channel for less than the virtual channel's full time duration. 

40. The computer program product according to claim 33, further comprising: 
computer code for creating a lower and upper bounds for the virtual channel 

based on the time duration of the virtual channel. 

41. The computer program product according to claim 33, further comprising: 
computer code for reassigning time duration for a virtual channel if a virtual 

channel is freed. 

42. The computer program product according to claim 33, further comprising: 
computer code for reassigning time duration for all virtual channels if a virtual 

channel is freed. 

.43. The computer program product according to claim 41, wherein a virtual channel 
is freed when an upper member expires. 

44. The computer program product according to claim 41, wherein a virtual channel 
is freed when all members expire. 

45. The computer program product according to claim 42, wherein the computer 
code for reassigning, further comprises: 

computer code for reconfiguring the lower and upper bounds of all virtual 
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channels. 



46. The computer program product according to claim 37, further comprising 
computer code for rekeying a virtual channel key only to the members of a freed virtual 
channel. 

AT( A method of creating a secure multicast session, the multicast session having a 
/plurality of virtual channels, at least one of the virtual channels having a member, the 
method comprising: 

associating each member with one of the plurality of multicast virtual channels 
based on a time-based distribution policy; 

distributing virtual channel keys to the members, each member receiving one 
virtual channel key based upon their associated virtual channel; and 

rekeying the virtual channel key when membership of the virtual channel 
changes. 

48. A method according to claim 47, wherein the virtual channel key is sent in a 
unicast session to each member. 

49. A method according to claim 47, wherein each virtual channel is associated with 
a time duration. 

50. A method according to claim 47, wherein no member can be in more than one 
virtual channel. 

51. A method according to claim 47, further comprising: 
distributing a data key to each multicast virtual channel. 
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52. The method according to claim 47, wherein all of the virtual channels reside 
within one domain. 

53. The method according to claim 47, wherein in the act of rekeying at least one 
member is present in the virtual channel after the membership changes. 

54. The method according to claim 48, associating an unlimited duration with a 
virtual channel creating a permanent virtual channel. 

55. The method according to claim 48, wherein a member may join a virtual channel 
for less than the virtual channel's full time duration. 

56. The method according to claim 48, further comprising 

creating a lower and upper bounds for the virtual channel based on the time duration of 
the virtual channel. 

57. A method according to claim 48, further comprising: 

reassigning time duration for a virtual channel if a virtual channel is freed. 

58. A method according to claim 48, further comprising: 

reassigning time duration for all virtual channels if a virtual channel is freed. 

59. The method according to claim 57, wherein a virtual channel is freed when an 
upper member expires. 

60. The method according to claim 57, wherein a virtual channel is freed when all 
members expire. 
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61. The method according to claim 58, wherein in the act of reassigning further 
comprises the step of reconfiguring the lower and upper bounds of all virtual channels. 

62. The method according to claim 58, wherein only the freed virtual channel rekeys 
the virtual channel key to all members of the freed virtual channel. 

^3. An apparatus for creating a secure multicast session, the multicast session having 
a plurality of virtual channels, at least one virtual channel having a member, the 
method comprising: 

an associator module for associating each member with one of the plurality of 
multicast virtual channels based on a time-based distribution policy; 

a distribution module for distributing virtual channel keys to the members, each 
member receiving one virtual channel key based upon their associated virtual channel; 
and 

a rekeying module for rekeying the virtual channel key when membership of the 
virtual channel changes. 

64. The apparatus according to claim 63, wherein in distribution module the virtual 
channel key is sent in a unicast session to each member. 

65. The apparatus according to claim 63, further comprising: 

a virtual channel module which creates each virtual channel based on a time 
duration. 

66. The apparatus according to claim 63, wherein the assignment module prevents a 
member from being in more than one virtual channel. 

67. The apparatus according to claim 63, further comprising: 
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a data key distributor for distributing a data key to each multicast virtual 
channel 

68. The apparatus according to claim 63, wherein the multicast virtual channels 
reside within one domain. 

69. The apparatus according to claim 65, wherein the virtual channel module creates 
a permanent virtual channel with an unlimited duration. 

70. The apparatus according to claim 65, wherein the receiver may receive a request 
to join a virtual channel for less than the virtual channel's full time duration. 

71. The apparatus according to claim 65, wherein the virtual channel module 
creates a lower and upper bounds for the virtual channel based on the time duration of 
the virtual channel. 

72. The apparatus according to claim 65, further comprising: 

a reassignment module for reassigning time duration for a virtual channel if the 
virtual channel is freed. 

73. The apparatus according to claim 65, further comprising: 

a reassignment module for reassigning time duration for all virtual channels if a 
virtual channel is freed. 

74. The apparatus according to claim 72, wherein a virtual channel is freed when an 
upper member expires. 
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75. The apparatus according to claim 72, wherein a virtual channel is freed when all 
members expire. 

76. The apparatus according to claim 73, wherein the reassignment module 
reconfigures the lower and upper bounds of all virtual channels. 

77. The apparatus according to claim 63, wherein the rekeying module rekeys the 
virtual channel key to all members of a freed virtual channel. 

A computer program product for use on a computer system for creating a secure 
ast session, the multicast session having a plurality of virtual channels, at least 
one virtual channel having a member, the computer program product comprising a 
computer usable medium having computer readable program code thereon, the 
computer readable program code including: 

computer code for associating each member with one of the plurality of multicast 
virtual channels based on a time-based distribution policy; 

computer code for distributing virtual channel keys to the members, each 
member receiving one virtual channel key based upon their associated virtual channel; 
and 

computer code for rekeying the virtual channel key when membership of the 
virtual channel changes. 

79. The apparatus according to claim 78, wherein in distribution module the virtual 
channel key is sent in a unicast session to each member. 

80. A computer program product according to claim 78, wherein each virtual 
channel is associated with a time duration. 
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81. A computer program product according to claim 78, wherein no member can be 
in more than one virtual channel. 

82. A computer program product according to claim 78, further comprising: 
computer code for distributing a data key to each multicast virtual channel. 

83. The computer program product according to claim 78, wherein all of the virtual 
channels reside within one domain. 

84. The computer program product according to claim 80, further comprising: 
computer code for associating an unlimited duration with a virtual channel 

creating a permanent virtual channel. 

85. The computer program product according to claim 80, wherein a member may 
join a virtual channel for less than the virtual channel's full time duration. 

86. The computer program product according to claim 80, further comprising 
computer code for creating a lower and upper bounds for the virtual channel 

based on the time duration of the virtual channel. 

87. The computer program product according to claim 80, further comprising: 
computer code for reassigning time duration for a virtual channel if a virtual 

channel is freed. 

88. The computer program product according to claim 80, further comprising: 
computer code for reassigning time duration for all virtual channels if a virtual 

channel is freed. 
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89. The computer program product according to claim 81, wherein a virtual channel 
is freed when an upper member expires. 

90. The computer program product according to claim 81, wherein a virtual channel 
is freed when all members expire. 

91. The computer program product according to claim 82, wherein the computer 
code for reassigning further comprises computer code for reconfiguring the lower and 
upper bounds of all virtual channels. 

92. The computer program product according to claim 80, further comprising 
computer code for rekeying a virtual channel key only to the members of the freed 
virtual channel. 
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